Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Mail and Web Security Blog
Showing posts in English
piero_depaoli | 29 Oct 2014 | 0 comments

In the last year, hackers have stolen more than 500 million financial records without ever entering a building -- and nearly 80% of businesses don’t even realize they’ve been hacked. Why? Because targeted attacks that pinpoint specific individuals within a company are very difficult to detect.  In a targeted attack, cybercriminals attach an infected file to a harmless looking email. Since the infected file looks as if it’s coming from a trusted source (through social engineering), employees are tricked into opening the attachment, unaware they just exposed the company to a sophisticated malware attack. One email could put a company at risk. If an attachment contains a zero-day threat -- a piece of malware never seen before – the threat can exploit a vulnerability on an employee's computer, allowing the attackers to have open access to the system.


Janene C | 08 Aug 2014 | 0 comments

As more customers move to cloud-based solutions for email and web, flexible data protection capabilities become critical. To address this, Symantec has upgraded the Content Control add-on for Email to better protect confidential information and intellectual property.  This new service, Data Protection, launches August 11th, 2014.

Data Protection includes an improved policy configuration engine and compliance and regulatory-focused templates to easily create and enforce data protection policies. Enhanced reporting and content matching let administrators see when policies are violated.  Policy resources, such as content keyword and regular expression lists, can be shared with the Web Data Protection service to apply rules consistently across email and web.

Employee email is more productive with acceptable use policies that protect against data loss and protect employees from inappropriate content. Data Protection analyzes multiple email...

Janene C | 04 Aug 2014 | 1 comment

A number of enhancements to Policy Based Encryption for Email are now available to improve the ease of use and extend the capabilities of Policy Based Encryption. These enhancements are specific to each encryption service, either PBE-E or PBE-Z.

Policy Based Encryption E

  • Outlook Plugin Enhancements – Encrypting from within Outlook is streamlined, and senders now have the ability to set a one-time portal password that recipients can use to pick up their messages without creating an account.
  • Attempt TLS – When enabled, PBE-E will attempt to use TLS as the first choice to securely deliver messages with no extra effort required by the sender or recipient. If TLS is not supported by the third party recipient’s...
Janene C | 02 May 2014 | 0 comments

Keeping email and web security services up and running is vital to businesses, and protecting the management of these services via a simple username and password is not enough for some organizations.

For those who desire additional security to further control access to the management portal of Symantec Email and Symantec Web, Symantec introduces new access control features:

  • Two-factor authentication
  • IP address restriction

Both two-factor authentication and IP address restriction options are being added to prevent unauthorized access to the management portal (also known as ClientNet). Administrators will have the option to enable one or both of these features for all administrative users within their organization.

Two-factor authentication requires something you know (like a user name and password) plus something you have (such as a one-time password from an app or token) to allow access. We are...

Matt Cooke | 29 Apr 2014 | 0 comments

Getting ready for Vegas? Symantec Vision Las Vegas 2014 is going to be a great event and they'll be lots of experts from our Email Security team on hand to talk to. Many of them will be talking at breakout sessions or working with you in hands-on labs.

If you're looking to find out how Email Security from Symantec has evolved, why Antivirus and Antispam won't cut the mustard, how you block targeted attacks in Office 365 or how the email gateway provides context to your security event clutter, then you should definitely checkout these session and labs from the team.

Not To Be Missed Breakout Sessions:

Wednesday 8th May
9:00am    Behind the Yellow Curtain: Discover Symantec's Proactive Protection Technology - 1481
3:15pm    ...

Ian McShane | 15 Apr 2014 | 0 comments

Last week, we shared details of how the HeartBleed OpenSSL vulneratbility affected our Email & Web Security products.

The newest feature in our Web product, the ability to analyze and control data over HTTPS communications, was found to be vulnerable and was taken offline immediately on April 9th 2014.  No other features, functionality or services were impacted.

I'm happy to announce that over the past weekend, we completed the work necessary to be able to restore this functionality.  With visibility into both unencrypted HTTP and encrypted HTTPS traffic, Symantec Web can secure users from malware, enforce web usage policy and prevent sensitive and confidential data from leaving the network.

As a reminder, the following products and services are NOT at risk and...

Ian McShane | 10 Apr 2014 | 2 comments

By now you should be well aware of the vulnerability CVE-2014-0160, nicknamed HeartBleed, that exists in a number of versions of OpenSSL - an extremely popular open source cryptographic library.

Yesterday, we provided some guidance on steps businesses and consumers should take in light of this vulnerability.

We have also made it very simple to inspect and verify many aspects of SSL certificate security, including whether a server is still vulnerable to the HeartBleed attack.

We are extremely sensitive to the anxiety felt by customers who rely on our software and services as a core part of their work and personal lives.  So today, I want to give you an...

Ian McShane | 27 Mar 2014 | 0 comments

One of the oldest tricks in the book for spammers is to spoof or forge the "From" address so that the email appears to come from a legitimate source.

This month, Symantec is introducing DMARC Validation as a free upgrade for Email customers, further enhancing our protection against these types of spam, targeted attacks and phishing messages.

Once customers enable this new functionality, Symantec will automatically check if sending domain owners have a published DMARC policy and check that the email is legitimate. 

Big, popular brands are often used in phishing and scam email attacks and I'm sure you've seen some of them first hand.
This is why over 80,000 domains have published DMARC policies and since 2011 it has been quickly adopted by some of the largest global brands and email senders such as Paypal, Twitter,, Yahoo! Mail, Facebook, LinkedIn and Bank of America.


piero_depaoli | 19 Nov 2013 | 2 comments

Most people today rely on email as their method for business communication – sending and receiving hundreds of emails every day. This dependence on email can create a weak link in securing corporate information and expose a company to attacks. While hackers still use general spam emails and social engineering (or phishing) attacks against organizations, they are now increasingly pursuing sophisticated and targeted attacks that are far more difficult to differentiate from the emails we typically receive. In fact, Symantec’s 2013 Internet Security Threat Report found a 42 percent increase in targeted attacks in 2012.  

Most spam emails are relatively easy to identify and quarantine, but targeted attacks are customized for their recipients, making them harder to spot. For example, a company’s HR department could receive an email that requests that they click on a link to check out...

Spencer Parkinson | 02 Oct 2013 | 0 comments

Information Security™ magazine and recently announced the winners of its 2013 Reader’s Choice Awards, which were selected based on feedback by customers who were asked to assess products deployed within their organizations. We’re excited to announce that Symantec was honored with eight awards – four Gold, two Silver and two Bronze –demonstrating significant representation across our diverse portfolio of market-leading security solutions.

Included below is a complete list of Symantec’s wins, which will be featured in the October edition of Information Security magazine and are highlighted online at

The Information Security magazine and 2013 Readers’ Choice Award winners were selected based on extensive, in-depth discussions and...